π― Obiettivi
πΊοΈ Topologia
π Guida
Lab β NAT & PAT
R1 con LAN interna (192.168.1.0/24) e link WAN (203.0.113.0/30). Configura 3 tipi di NAT: static per il server web, dynamic con pool, e PAT overload per tutta la LAN.
0%
NAT: LAN β Internet
π₯οΈ LAN
192.168.1.0/24
192.168.1.0/24
βGi0/0 (inside)β
R1
NAT router
NAT router
βGi0/1 (outside)β
π Internet
203.0.113.0/30
203.0.113.0/30
IP pre-configurati:
R1 Gi0/0: 192.168.1.1/24 (inside)
R1 Gi0/1: 203.0.113.1/30 (outside)
SRV-WEB: 192.168.1.100 (server web interno)
PC1: 192.168.1.10 | PC2: 192.168.1.11
ISP: 203.0.113.2 (next-hop)
IP pubblici disponibili: 203.0.113.10β.14
Default route giΓ configurata.
R1 Gi0/0: 192.168.1.1/24 (inside)
R1 Gi0/1: 203.0.113.1/30 (outside)
SRV-WEB: 192.168.1.100 (server web interno)
PC1: 192.168.1.10 | PC2: 192.168.1.11
ISP: 203.0.113.2 (next-hop)
IP pubblici disponibili: 203.0.113.10β.14
Default route giΓ configurata.
1Inside / Outside
int Gi0/0 β ip nat inside
int Gi0/1 β ip nat outside
int Gi0/1 β ip nat outside
2Static NAT β Server Web
ip nat inside source static 192.168.1.100 203.0.113.10
Il server interno Γ¨ raggiungibile dall'esterno a .10
Il server interno Γ¨ raggiungibile dall'esterno a .10
3Dynamic NAT β Pool
ip nat pool INTERNET 203.0.113.11 203.0.113.14 netmask 255.255.255.240
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool INTERNET
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool INTERNET
4Cambia in PAT β Aggiungi overload
Rimuovi il dynamic: no ip nat inside source list 1 pool INTERNET
Aggiungi PAT: ip nat inside source list 1 interface Gi0/1 overload
Aggiungi PAT: ip nat inside source list 1 interface Gi0/1 overload
5Verifica
show ip nat translations
show ip nat statistics
Da PC1: ping 8.8.8.8
show ip nat statistics
Da PC1: ping 8.8.8.8
π‘ Ricorda: la wildcard nell'ACL Γ¨ 0.0.0.255, NON 255.255.255.0!
R1 β Console
R1
PC1
PC2
SRV-WEB
R1>